From d6f98ab88ec147b317bc9266395320e9cc64329a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Jun 2018 21:12:42 -0700 Subject: some work to make menus editable by visitors with webpage write permissions; this needed to revise the link structure so that the page specified an owner channel in the url. Otherwise we could only operate on menus owned by local_channel(). Have done some basic regression testing but have not yet fully tested guest editing functionality. --- Zotlabs/Module/Mitem.php | 99 ++++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 41 deletions(-) (limited to 'Zotlabs/Module/Mitem.php') diff --git a/Zotlabs/Module/Mitem.php b/Zotlabs/Module/Mitem.php index 28f51b81b..ac7470e13 100644 --- a/Zotlabs/Module/Mitem.php +++ b/Zotlabs/Module/Mitem.php @@ -8,22 +8,25 @@ require_once('include/acl_selectors.php'); class Mitem extends \Zotlabs\Web\Controller { function init() { - - $uid = local_channel(); - - if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); - $uid = intval($sys['channel_id']); - \App::$is_sys = true; + if($sys && intval($sys['channel_id'])) { + \App::$is_sys = true; + } } - - if(! $uid) + + if(argc() > 1) + $which = argv(1); + else return; + + profile_load($which); - if(argc() < 2) + if(argc() < 3) return; - $m = menu_fetch_id(intval(argv(1)),$uid); + $m = menu_fetch_id(intval(argv(2)),\App::$profile['channel_id']); if(! $m) { notice( t('Menu not found.') . EOL); return ''; @@ -32,19 +35,27 @@ class Mitem extends \Zotlabs\Web\Controller { } - function post() { + function post() { - $uid = local_channel(); + if(! \App::$profile) { + return; + } + + $which = argv(1); + + + $uid = \App::$profile['channel_id']; - if(\App::$is_sys && is_site_admin()) { + if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { $sys = get_sys_channel(); $uid = intval($sys['channel_id']); + \App::$is_sys = true; } - if(! $uid) { + if(! $uid) return; - } - + + if(! \App::$data['menu']) return; @@ -63,14 +74,14 @@ class Mitem extends \Zotlabs\Web\Controller { $_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN; - $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); + $mitem_id = ((argc() > 3) ? intval(argv(3)) : 0); if($mitem_id) { $_REQUEST['mitem_id'] = $mitem_id; $r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']); //info( t('Menu element updated.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu element.') . EOL); @@ -82,10 +93,10 @@ class Mitem extends \Zotlabs\Web\Controller { menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']); //info( t('Menu element added.') . EOL); if($_REQUEST['submit']) { - goaway(z_root() . '/menu' . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } if($_REQUEST['submit-more']) { - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') ); + goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') ); } } else @@ -96,12 +107,15 @@ class Mitem extends \Zotlabs\Web\Controller { } - function get() { + function get() { $uid = local_channel(); - $channel = \App::get_channel(); + $owner = \App::$profile['channel_id']; + $channel = channelx_by_n($owner); $observer = \App::get_observer(); - + + $which = argv(1); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); if(\App::$is_sys && is_site_admin()) { @@ -116,15 +130,15 @@ class Mitem extends \Zotlabs\Web\Controller { return ''; } - if(argc() < 2 || (! \App::$data['menu'])) { + if(argc() < 3 || (! \App::$data['menu'])) { notice( t('Not found.') . EOL); return ''; } - $m = menu_fetch(\App::$data['menu']['menu_name'],$uid,$ob_hash); + $m = menu_fetch(\App::$data['menu']['menu_name'],$owner,$ob_hash); \App::$data['menu_item'] = $m; - $menu_list = menu_list($uid); + $menu_list = menu_list($owner); foreach($menu_list as $menus) { if($menus['menu_name'] != $m['menu']['menu_name']) @@ -135,10 +149,10 @@ class Mitem extends \Zotlabs\Web\Controller { $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); - if(argc() == 2) { + if(argc() == 3) { $r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc", intval(\App::$data['menu']['menu_id']), - intval($uid) + intval($owner) ); if($_GET['display']) { @@ -167,6 +181,7 @@ class Mitem extends \Zotlabs\Web\Controller { '$display' => $display, '$lockstate' => $lockstate, '$menu_names' => $menu_names, + '$nick' => $which, '$sys' => \App::$is_sys )); @@ -187,40 +202,41 @@ class Mitem extends \Zotlabs\Web\Controller { '$hintnew' => t('Add menu element'), '$hintdrop' => t('Delete this menu item'), '$hintedit' => t('Edit this menu item'), + '$nick' => $which, )); return $o; } - if(argc() > 2) { - - if(intval(argv(2))) { + if(argc() > 3) { + + if(intval(argv(3))) { $m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1", - intval(argv(2)), - intval($uid) + intval(argv(3)), + intval($owner) ); if(! $m) { notice( t('Menu item not found.') . EOL); - goaway(z_root() . '/menu'. ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/menu/'. $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } $mitem = $m[0]; $lockstate = (($mitem['allow_cid'] || $mitem['allow_gid'] || $mitem['deny_cid'] || $mitem['deny_gid']) ? 'lock' : 'unlock'); - if(argc() == 4 && argv(3) == 'drop') { - menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']); - $r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2))); - menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']); + if(argc() == 5 && argv(4) == 'drop') { + menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']); + $r = menu_del_item($mitem['mitem_menu_id'], $owner, intval(argv(3))); + menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']); if($r) info( t('Menu item deleted.') . EOL); else notice( t('Menu item could not be deleted.'). EOL); - goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : '')); } // edit menu item @@ -234,7 +250,7 @@ class Mitem extends \Zotlabs\Web\Controller { '$allow_gid' => acl2json($mitem['allow_gid']), '$deny_cid' => acl2json($mitem['deny_cid']), '$deny_gid' => acl2json($mitem['deny_gid']), - '$mitem_id' => intval(argv(2)), + '$mitem_id' => intval(argv(3)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('Link or Submenu Target'), $mitem['mitem_link'], 'Enter URL of the link or select a menu name to create a submenu', '*', 'list="menu-names"'), '$usezid' => array('usezid', t('Use magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), '', array(t('No'), t('Yes'))), @@ -242,7 +258,8 @@ class Mitem extends \Zotlabs\Web\Controller { '$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')), '$submit' => t('Submit'), '$lockstate' => $lockstate, - '$menu_names' => $menu_names + '$menu_names' => $menu_names, + '$nick' => $which )); return $o; -- cgit v1.2.3